Research On Password-Authenticated Key Exchange Protocols

Nowadays, a lot of commercial activities and government services have been conducted and provided over an open and vulnerable communications network such as the Internet. It is very important to securely communicate with the intended communication partners. The security service needed here is authentication and key exchange. Authentication and key exchange is the basis of building a secure communication channel, and it finds extensive applications in real life.In practice, password-authenticated key exchange protocols fits for many applications in various environments, especially in the environment that lacks specific devices for securely storing random cryptographic keys. Based on a comprehensive survey and analysis of the related works, a further research on password-authenticated key exchange protocols is carried out. The main results are as follows:1. Aiming at stolen-verifier attack, a method of resisting this attack is given and a new password-based authenticated key agreement protocol is proposed. In this protocol, one side(the client) stores a plaintext version of the password, while the other side(the server) only stores a verifier for the password. The analysis of this new protocol shows that the protocol is secure against stolen-verifier attack, dictionary attack, and the Denning- Sacco attack,and provides the property of the perfect forward secrecy.2. A password-based authenticated key exchange scheme was proposed. The analysis shows that the scheme is secure against dictionary attack under the computational Diffie-Hellman intractability assumption.The scheme preserves user privacy and achieves unlinkability. Furthermore, since denial- of-service(DoS) attacks have become a common threat, DoS-resistantance is a design consideration and the scheme is proved to be secure against denial-of-service attacks.3. A password-authenticated key exchange protocol based on RSA [PNKW2007] is analyzed.The weakness of this protocol is showed and it is pointed out that this protocol is vulnerable to an e-residue attack. 4. An efficient password-authenticated key exchange protocol based on RSA is proposed. The security of this protocol is proven in the random oracle model, and it is shown that this protocol is efficient compared with the existing schemes.